View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. What Is
February 15, 2017updated 17 Feb 2017 5:13pm

CASB Explained

In five questions or less, an industry expert defines and explains a technology, term or trend in CBR’s Tech Express – with this installment seeing Eduard Meelhuysen, head of EMEA at Bitglass, explain CASB - Cloud Access Security Broker.

By Ellie Burns

CBR: What is a CASB?

EM: A Cloud Access Security Broker (CASB) acts as a gatekeeper between a company’s data/devices network perimeter and the multiple cloud services it employs.

CASB software allows companies to extend their security policies to SaaS applications such as Salesforce, Dropbox or Office 365, and IaaS such as AWS or Azure. In a nutshell, CASB helps companies ensure that corporate data is secure end-to-end, from cloud to device and vice-versa, respectable of the device (managed or unmanaged (BYOD)), location or user.


CBR: Why do businesses need CASB?

EM: The SaaS applications used by so many organisations today are transformative, but they store (sensitive) data outside the corporate network and on-premises security systems and policies. This means that the additional layers of visibility, data protection and access control provided by CASB are required to ensure both secure and compliant public cloud usage.

In addition, modern BYOD policies can leave businesses staring liabilities in the face as employees begin to use cloud services without the IT department’s knowledge. This so-called ‘Shadow IT’ leaves data in the dark. Businesses have a responsibility to keep track of sensitive data, and with GDPR around the corner there’s no room for complacency. CASB can help enterprises make a compliant move to the cloud.


CBR: What do CASBs provide businesses?

EM: CASBs provide businesses with four key capabilities:

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Visibility: CASBs are unique in their ability to provide visibility over all cloud apps deployed in an organisation.

Compliance: CASBs impose controls on cloud usage to ensure compliance with specific industry regulations such as GDPR.

Data security: Using data classification and user behaviour analytics, CASBs enforce security policies and monitor sensitive data access and usage across all user devices.

Threat protection: CASBs prevent unauthorised devices or suspicious users from accessing critical data and cloud services. They also offer discovery services to identify vulnerable, or suspicious traffic.

Tech Express - CASB ExplainedCBR: What are the challenges for businesses in deploying/adopting CASBs?

EM: The main challenge faced by enterprises when adopting a CASB is the choice of architecture: proxy or API? Architecture is foundational and, thus, tricky to change. Both types provide organisations with control and visibility into data in cloud applications. Proxy based CASBs are networking vendors; they process traffic similar to Web Gateway vendors. This is a more difficult engineering exercise than that of using APIs. Therefore, it is relatively easy for a proxy vendor to begin supporting APIs, but not the reverse.

Businesses must be aware that, if they choose an API-only CASB, it will be considerably harder for them to retrofit proxy architecture to their platforms. In the end businesses should choose a solution which delivers both as the cornerstone of the CASB solution.


CBR: What are the main benefits for businesses in having CASBs?

EM: CASB is the only technology that can effectively secure all data residing outside an enterprise’s network perimeter, typically in cloud applications or mobile devices. With more and more companies embracing BYOD (80% of employees admit to using it) and SaaS applications, CASB can help to get a handle on the movements of sensitive data, without compromising the end user experience of cloud apps. This will enable businesses to safely enable cloud applications for their users/employees, without the compromise of potential dataleakage.

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.